Asynchronously update an alert’s information.
External Documentation: To learn more, visit the Rapid7 InsightIDR documentation.

Parameters

| Parameter | Description |
| --- | --- |
| Alert RRN | The unique identifier of the alert to update. It can be obtained using the List Alerts action. |
| Assignee ID | The ID of the user to assign to the alert. |
| Comment | The reason for updating the alert, which is captured in the alert audit log for tracking purposes. |
| Disposition | The disposition of the alert. |
| Investigation RRN | The unique identifier of the investigation to attach the alert to. |
| Priority | The priority of the alert. |
| Status | The status of the alert. |
| Tags | Select whether to add or remove tags from the alert. |
| Tags Value | A comma-separated list of tags to add to or remove from the alert. |

Example Output

{
	"rrn": "string",
	"version": 0,
	"created_at": "2019-08-24T14:15:22Z",
	"updated_at": "2019-08-24T14:15:22Z",
	"alerted_at": "2019-08-24T14:15:22Z",
	"ingested_at": "2019-08-24T14:15:22Z",
	"external_source": "string",
	"external_id": "string",
	"organization": {
		"id": "string",
		"name": "string",
		"region": "string",
		"product_token": "string",
		"customer_id": "string",
		"customer_name": "string",
		"customer_code": "string",
		"customer_group": "string",
		"flags": [
			"string"
		]
	},
	"title": "string",
	"type": "string",
	"rule": {
		"rrn": "string",
		"name": "string",
		"mitre_tcodes": [
			"string"
		],
		"version_rrn": "string"
	},
	"rule_matching_keys": [
		{
			"key": "string",
			"values": [
				"string"
			]
		}
	],
	"rule_keys_of_interest": [
		{
			"key": "string",
			"values": [
				"string"
			]
		}
	],
	"responsibility": "UNMAPPED",
	"monitored": true,
	"assignee": {
		"at": "2019-08-24T14:15:22Z",
		"id": "string",
		"email": "string",
		"first_name": "string",
		"last_name": "string"
	},
	"priority": "UNMAPPED",
	"status": "UNMAPPED",
	"status_transitions": {
		"seconds_to_first_investigating": 0,
		"seconds_to_first_closed": 0,
		"first_closed_at": "2019-08-24T14:15:22Z"
	},
	"disposition": "UNMAPPED",
	"investigation_rrn": "string",
	"tags": [
		"string"
	],
	"permissions": {
		"canEdit": true
	},
	"fields": [
		{
			"id": "string",
			"values": [
				"string"
			]
		}
	],
	"analytics": {
		"analytics_is_novel": true,
		"analytics_novel_score": 0.1,
		"analytics_cluster_malicious": 0.1,
		"analytics_cluster_testing": 0.1,
		"analytics_pac": "string"
	},
	"due_date": "2019-08-24T14:15:22Z",
	"first_closed_at": "2019-08-24T14:15:22Z",
	"log_details": [
		{
			"log_id": "string",
			"logset_id": "string",
			"log_timestamp": 0,
			"log_entry_id": "string"
		}
	],
	"ai_suggested_disposition": "UNMAPPED",
	"prediction_metadata": {
		"property1": {},
		"property2": {}
	},
	"prediction_data": {
		"property1": {},
		"property2": {}
	}
}

Workflow Library Example

Update Alert with Rapid7 Insightidr and Send Results Via Email